mongrel_send_file GemPlugin
This is a simple plugin to handle the sending of secure files from a rails app. Here’s the typical process:
-
Rails app authorizes user to download file
-
Rails app sets file info in the session, redirects to custom URL like /file/UNIQUE_HASH/filename
-
Mongrel handler pulls the full filename path and content type from the session using the unique hash, sends it to the user
Usage
After installing the gem, you’ll need to setup the handler for your Rails app:
# config/mongrel_send_file.conf uri “/file/”, :handler => plugin(“/handlers/sendfile”, :session_key => ‘_my_session_id’, :session_files_key => :files), :in_front => true
# rails action that sends the file
def download
# do whatever it is you do to find get the filename/content type
@attachment = Attachment.find(params[:id])
# this doesn't matter as long as it's unique
filehash = Digest::SHA1.hexdigest( Time.now.to_s.split('//').sort_by { rand }.join )
# initialize session. Use the :session_files_key option here
session[:files] ||= {}
# set the value for this file with a 5 minute expiration time
session[:files][filehash] = [5.minutes.from_now.to_i, @attachment.full_filename, @attachment.content_type]
# redirect to the path served by mongrel_send_file
redirect_to "/file/#{filehash}/#{@attachment.filename}"
end
# startup mongrel with this command mongrel_rails -S config/mongrel_send_file.conf
Note
I wrote this for a couple Rails apps that use the SqlSessionStore plugin [1]. So, it’s very opinionated about how it gets the info from the session. This app should work with any app that runs on Mongrel (not just rails), just monkey patch the SendFile#find_session method. Submit suggestions as patches if you have them too.